Kyberturvallisuus valtiollisena toimintaympäristönä ja siihen kohdistuvat uhkat

Toimivat tietoliikenne- ja viestintäjärjestelmät ovat digitaalisessa maailmassa tärkeä osa yhteiskunnan perusinfrastruktuuria, mutta ne eivät ole riippumattomia poliittisista ideologioista, kansallisvaltioiden päämääristätai kaupallisista intresseistä. Tässä teoreettisessa artikkelissa tätä infrastruktuuria tarkastellaan käsitteellistäen se kybertoimintaympäristöksi. Koska kybertoimintaympäristön olemassaolo määrittyy erilaisten uhkienkautta, kohdistuu kiinnostuksemme ennen muuta kyberturvallisuuteen. Tämän artikkelin tavoite on yhtäältä analysoida kyberturvallisuuden käsitettä ja toisaalta luoda ymmärrystä siitä, miten valtiolliset strategiatekstitja uutistekstit osaltaan rakentavat kyberturvallisuutta toimintaympäristönä. Tutkimuksessa osoitetaan, että kyberturvallisuus on tietoverkkojen ydintoimintoihin kytkeytyvä mutta ristiriitainen ilmiö. Kyberhyökkäyksiinliittyvä uutisointi keskittyy sekä uhkien hallitsemattomuuteen että vahvoihin toimijoihin, jotka taistelevat niitä vastaan. Kyberturvallisuusstrategiat taas ovat keino hälventää ristiriitaista käsitystä valtioista kansalaisten valvojina ja vakuuttaa heidät siitä, että valtion toimet kybermaailmassa ovat heidän parhaakseen

Cybersecurity issues in software architectures for innovative services

The recent advances in data center development have been at the basis of the widespread success of the cloud computing paradigm, which is at the basis of models for software based applications and services, which is the "Everything as a Service" (XaaS) model. According to the XaaS model, service of any kind are deployed on demand as cloud based applications, with a great degree of flexibility and a limited need for investments in dedicated hardware and or software components. This approach opens up a lot of opportunities, for instance providing access to complex and widely distributed applications, whose cost and complexity represented in the past a significant entry barrier, also to small or emerging businesses. Unfortunately, networking is now embedded in every service and application, raising several cybersecurity issues related to corruption and leakage of data, unauthorized access, etc. However, new service-oriented architectures are emerging in this context, the so-called services enabler architecture. The aim of these architectures is not only to expose and give the resources to these types of services, but it is also to validate them. The validation includes numerous aspects, from the legal to the infrastructural ones e.g., but above all the cybersecurity threats. A solid threat analysis of the aforementioned architecture is therefore necessary, and this is the main goal of this thesis. This work investigate the security threats of the emerging service enabler architectures, providing proof of concepts for these issues and the solutions too, based on several use-cases implemented in real world scenarios

Security and defence research in the European Union: a landscape review

This landscape report describes the state of play of the European Union’s policies and activities in security and defence and the EU-funded research aimed at supporting them, with an exclusive focus on intentional harm. It is organised around several thematic building blocks under the umbrella of the three core priorities defined in the European agenda on security. The report reviews the current main risks and threats but also those that may emerge within the next 5 years, the policy and operational means developed to combat them, the main active stakeholders and the EU legislation in force. In this context, a short history of EU research on security and defence is presented, followed by an inventory of relevant research and development projects funded under the Horizon 2020 framework programme during the period 2014-2018. The specific contributions of the Joint Research Centre to security research are also highlighted. Finally, future avenues for security and defence research and development are discussed. Please note that the executive summary of this landscape report has been published simultaneously as a companion document.JRC.E.7-Knowledge for Security and Migratio